What Are Employers Looking For?

If you’re interested in pursuing a career as an information security professional, the findings of a recent survey by the Information Technology Association of America (ITAA) should interest you. Experience seems to be key with the ITAA members who responded to the e-mail survey. Most members say that even entry-level security job candidates should have at least a year of professional experience. In addition, 43 percent of respondents say that job candidates do not have enough hands-on experience.

The ITAA surveyed its members in August 2003 via an e-mail-based survey. The results of the survey include responses from 50 information technology firms.

The more experience you have, the harder you are to find, according to survey respondents. These IT firms said that it is more difficult to find senior information security professionals, with 70 percent saying they had difficulty finding security professionals with five to eight years of experience, and 66 percent saying they had trouble finding security professionals with more than eight years of experience. Entry-level security professionals should have at least a year of professional experience, according to respondents.

If you want to land a job as an information security professional, the job boards and classified ads may not be the best method for you. Nearly 70 percent of the respondents said the best method for finding information security professionals was by hiring from within their organizations, and 52 percent said they also use “word of mouth.” So if you’re looking for work, ask your friends and peers to keep you posted on openings within their organizations.

If you’re looking to earn a security certification to boost your chances of finding a job as a security professional, consider the Certified Information Security Systems Professional (CISSP) certification from the International Information Security Systems Certification Consortium (ISC)2. More than 81 percent of respondents to the ITAA’s survey said that the CISSP carries the most weight of security certifications.

You can also up the ante by playing up your soft skills. More than one-third (36 percent) of respondents to the survey said that security professionals lack soft skills. Most important? The ability to work in a group environment and verbal communication.